CVE List - 2024 / July
Showing 101 - 200 of 3117 CVEs for July 2024 (Page 2 of 32)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2024-38474 | 2024-07-01 | Apache HTTP Server weakness with encoded question marks in backreferences |
| CVE-2024-38475 | 2024-07-01 | Apache HTTP Server weakness in mod_rewrite when first segment of substitution matches filesystem path. |
| CVE-2024-38476 | 2024-07-01 | Apache HTTP Server may use exploitable/malicious backend application output to run local handlers via internal redirect |
| CVE-2024-38477 | 2024-07-01 | Apache HTTP Server: Crash resulting in Denial of Service in mod_proxy via a malicious request |
| CVE-2024-39573 | 2024-07-01 | Apache HTTP Server: mod_rewrite proxy handler substitution |
| CVE-2024-36423 | 2024-07-01 | GHSL-2023-246: Flowise xss in /api/v1/public-chatflows/id |
| CVE-2024-37145 | 2024-07-01 | GHSL-2023-247: Flowise xss in /api/v1/chatflows-streaming/id |
| CVE-2024-37146 | 2024-07-01 | GHSL-2023-248: Flowise xss in /api/v1/credentials/id |
| CVE-2024-37298 | 2024-07-01 | Potential memory exhaustion attack due to sparse slice deserialization |
| CVE-2024-38513 | 2024-07-01 | Fiber Session Middleware Token Injection Vulnerability |
| CVE-2024-39303 | 2024-07-01 | Weblate vulnerabler to improper sanitization of project backups |
| CVE-2024-38366 | 2024-07-01 | CoacoaPods trunk RCE in email verification system rfc-822 |
| CVE-2024-5322 | 2024-07-01 | N-central Authentication Bypass via Session Rebinding |
| CVE-2024-38367 | 2024-07-01 | CoacoaPods trunk sessions verification step could be manipulated for owner session hijacking |
| CVE-2024-28200 | 2024-07-01 | N-central Authentication Bypass |
| CVE-2024-38368 | 2024-07-01 | Trunk's 'Claim your pod' could be used to obtain un-used pods |
| CVE-2024-39305 | 2024-07-01 | Envoy Proxy use after free when route hash policy is configured with cookie attributes |
| CVE-2024-39309 | 2024-07-01 | ZDI-CAN-23894: Parse Server literalizeRegexPart SQL Injection Authentication Bypass Vulnerability |
| CVE-2024-39310 | 2024-07-01 | WordPress Basil Theme Authenticated (Contributor+) Persistent Cross-Site Scripting Vulnerability |
| CVE-2024-39313 | 2024-07-01 | toy-blog Improper Input Validation vulnerability |
| CVE-2024-39314 | 2024-07-01 | toy-blog administrative token leaked through the command line parameter |
| CVE-2022-25477 | 2024-07-02 | Vulnerability in Realtek RtsPer driver for PCIe Card Reader (RtsPer.sys)... |
| CVE-2022-25478 | 2024-07-02 | Vulnerability in Realtek RtsPer driver for PCIe Card Reader (RtsPer.sys)... |
| CVE-2022-25479 | 2024-07-02 | Vulnerability in Realtek RtsPer driver for PCIe Card Reader (RtsPer.sys)... |
| CVE-2023-51777 | 2024-07-02 | Denial of Service (DoS) vulnerability in Jungo WinDriver before 12.1.0... |
| CVE-2024-22103 | 2024-07-02 | Out-of-Bounds Write vulnerability in Jungo WinDriver before 12.6.0 allows local... |
| CVE-2024-22104 | 2024-07-02 | Out-of-Bounds Write vulnerability in Jungo WinDriver before 12.5.1 allows local... |
| CVE-2024-22106 | 2024-07-02 | Improper privilege management in Jungo WinDriver before 12.5.1 allows local... |
| CVE-2024-25086 | 2024-07-02 | Improper privilege management in Jungo WinDriver before 12.2.0 allows local... |
| CVE-2024-25088 | 2024-07-02 | Improper privilege management in Jungo WinDriver before 12.5.1 allows local... |
| CVE-2024-39119 | 2024-07-02 | idccms v1.35 was discovered to contain a Cross-Site Request Forgery... |
| CVE-2024-39143 | 2024-07-02 | A stored cross-site scripting (XSS) vulnerability exists in ResidenceCMS 2.10.1... |
| CVE-2024-39206 | 2024-07-02 | An issue discovered in MSP360 Backup Agent v7.8.5.15 and v7.9.4.84... |
| CVE-2024-39891 | 2024-07-02 | In the Twilio Authy API, accessed by Authy Android before... |
| CVE-2022-25480 | 2024-07-02 | Vulnerability in Realtek RtsPer driver for PCIe Card Reader (RtsPer.sys)... |
| CVE-2023-51776 | 2024-07-02 | Improper privilege management in Jungo WinDriver before 12.1.0 allows local... |
| CVE-2023-51778 | 2024-07-02 | Out-of-Bounds Write vulnerability in Jungo WinDriver before 12.1.0 allows local... |
| CVE-2024-22102 | 2024-07-02 | Denial of Service (DoS) vulnerability in Jungo WinDriver before 12.6.0... |
| CVE-2024-22105 | 2024-07-02 | Denial of Service (DoS) vulnerability in Jungo WinDriver before 12.5.1... |
| CVE-2024-25087 | 2024-07-02 | Denial of Service (DoS) vulnerability in Jungo WinDriver before 12.7.0... |
| CVE-2024-26314 | 2024-07-02 | Improper privilege management in Jungo WinDriver 6.0.0 through 16.1.0 allows... |
| CVE-2024-39894 | 2024-07-02 | OpenSSH 9.5 through 9.7 before 9.8 sometimes allows timing attacks... |
| CVE-2024-4679 | 2024-07-02 | Folder Permission Vulnerability in JP1/Extensible SNMP Agent |
| CVE-2024-2819 | 2024-07-02 | File Permission Vulnerability in Hitachi Ops Center Common Services |
| CVE-2024-5938 | 2024-07-02 | Boot Store <= 1.6.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Button Shortcode |
| CVE-2024-5419 | 2024-07-02 | Void Contact Form 7 Widget For Elementor Page Builder <= 2.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via cf7_redirect_page Attribute |
| CVE-2024-5349 | 2024-07-02 | LA-Studio Element Kit for Elementor <= 1.3.8.1 - Authenticated (Contributor+) Local File Inclusion |
| CVE-2024-1427 | 2024-07-02 | The Post Grid <= 7.7.1 - Authenticated(Contributor+) Stored Cross-Site Scripting via section title tag |
| CVE-2024-3999 | 2024-07-02 | EazyDocs < 2.5.0 - Admin+ Stored XSS |
| CVE-2024-4627 | 2024-07-02 | Rank Math SEO < 1.0.219 - Authenticated Stored XSS |
| CVE-2024-5606 | 2024-07-02 | Quiz And Survey Master < 9.0.2 - Contributor+ SQLi |
| CVE-2024-5767 | 2024-07-02 | Sitetweet <= 0.2 - Stored XSS via CSRF |
| CVE-2024-0158 | 2024-07-02 | Dell BIOS contains an improper input validation vulnerability. A local... |
| CVE-2024-6172 | 2024-07-02 | Email Subscribers by Icegram Express – Email Marketing, Newsletters, Automation for WordPress & WooCommerce <= 5.7.25 - Unauthenticated SQL Injection via unsubscribe |
| CVE-2024-5219 | 2024-07-02 | Easy Google Maps <= 1.11.15 - Authenticated (Author+) Stored Cross-Site Scripting |
| CVE-2024-32852 | 2024-07-02 | Dell PowerScale OneFS versions 8.2.2.x through 9.7.0.0 contain use of... |
| CVE-2024-32853 | 2024-07-02 | Dell PowerScale OneFS versions 8.2.2.x through 9.7.0.2 contain an execution... |
| CVE-2024-32854 | 2024-07-02 | Dell PowerScale OneFS versions 8.2.2.x through 9.8.0.0 contain an improper... |
| CVE-2024-37132 | 2024-07-02 | Dell PowerScale OneFS versions 8.2.2.x through 9.8.0.0 contain an incorrect... |
| CVE-2024-37133 | 2024-07-02 | Dell PowerScale OneFS versions 8.2.2.x through 9.8.0.0 contain an improper... |
| CVE-2024-37134 | 2024-07-02 | Dell PowerScale OneFS versions 8.2.2.x through 9.8.0.0 contain an improper... |
| CVE-2024-37126 | 2024-07-02 | Dell PowerScale OneFS versions 8.2.2.x through 9.8.0.0 contain an improper... |
| CVE-2024-5504 | 2024-07-02 | Rife Elementor Extensions & Templates <= 1.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Writing Effect Headline Widget |
| CVE-2024-3513 | 2024-07-02 | Ultimate Blocks – WordPress Blocks Plugin <= 3.1.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via title tag attribute |
| CVE-2024-5545 | 2024-07-02 | Motors – Car Dealer, Classifieds & Listing <= 1.4.9 - Missing Authorization |
| CVE-2024-5544 | 2024-07-02 | Media Library Assistant <= 3.17 - Reflected Cross-Site Scripting |
| CVE-2024-37479 | 2024-07-02 | WordPress LA-Studio Element Kit for Elementor plugin <= 1.3.8.1 - Contributor+ Local File Inclusion vulnerability |
| CVE-2023-41917 | 2024-07-02 | Improper input validation in Kiloview P1/P2 devices allows for remote code execution |
| CVE-2023-41918 | 2024-07-02 | Missing Authentication for Critical Function in Kiloview P1/P2 devices |
| CVE-2023-41919 | 2024-07-02 | Use of Hard-coded Credentials in Kiloview P1/P2 devices |
| CVE-2023-41920 | 2024-07-02 | Authentication Bypass by Primary Weakness in Kiloview P1/P2 devices |
| CVE-2023-41921 | 2024-07-02 | Download of Code Without Integrity Check in Kiloview P1/P2 devices |
| CVE-2023-41922 | 2024-07-02 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in Kiloview P1/P2 devices |
| CVE-2023-41923 | 2024-07-02 | Weak Password Requirements in Kiloview P1/P2 devices |
| CVE-2023-41926 | 2024-07-02 | Insufficiently protected credentials in Kiloview P1/P2 devices |
| CVE-2023-41927 | 2024-07-02 | Weak TLS Cipher Suites Supported in Kiloview P1/P2 devices |
| CVE-2023-41928 | 2024-07-02 | Remote server offers deprecated TLS protocol in Kiloview P1/P2 devices |
| CVE-2024-38857 | 2024-07-02 | Reflected links in visuals facilitate phishing attacks |
| CVE-2024-31071 | 2024-07-02 | Arkcompiler Ets Runtime has a type confusion vulnerability |
| CVE-2024-37030 | 2024-07-02 | Arkcompiler Ets Runtime has a use after free vulnerability |
| CVE-2024-36243 | 2024-07-02 | Arkcompiler Ets Runtime has an out-of-bounds read vulnerability |
| CVE-2024-36278 | 2024-07-02 | Arkcompiler Ets Runtime has a type confusion vulnerability |
| CVE-2024-36260 | 2024-07-02 | Arkcompiler Ets Runtime has an out-of-bounds write vulnerability |
| CVE-2024-37185 | 2024-07-02 | Arkcompiler Ets Runtime has an out-of-bounds write vulnerability |
| CVE-2024-37077 | 2024-07-02 | Arkcompiler Ets Runtime has an out-of-bounds write vulnerability |
| CVE-2024-5260 | 2024-07-02 | Sina Extension for Elementor <= 3.5.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via read_more_text Parameter |
| CVE-2024-4836 | 2024-07-02 | LFI in sites managed by Edito CMS |
| CVE-2024-20888 | 2024-07-02 | Improper access control in OneUIHome prior to SMR Jul-2024 Release... |
| CVE-2024-20889 | 2024-07-02 | Improper authentication in BLE prior to SMR Jul-2024 Release 1... |
| CVE-2024-20890 | 2024-07-02 | Improper input validation in BLE prior to SMR Jul-2024 Release... |
| CVE-2024-20891 | 2024-07-02 | Improper access control in launchFullscreenIntent of SystemUI prior to SMR... |
| CVE-2024-20892 | 2024-07-02 | Improper verification of signature in FilterProvider prior to SMR Jul-2024... |
| CVE-2024-20893 | 2024-07-02 | Improper input validation in libmediaextractorservice.so prior to SMR Jul-2024 Release... |
| CVE-2024-20894 | 2024-07-02 | Improper handling of exceptional conditions in Secure Folder prior to... |
| CVE-2024-20895 | 2024-07-02 | Improper access control in Dar service prior to SMR Jul-2024... |
| CVE-2024-20896 | 2024-07-02 | Use of implicit intent for sensitive communication in Configuration message... |
| CVE-2024-20897 | 2024-07-02 | Use of implicit intent for sensitive communication in FCM function... |
| CVE-2024-20898 | 2024-07-02 | Use of implicit intent for sensitive communication in SoftphoneClient in... |
| CVE-2024-20899 | 2024-07-02 | Use of implicit intent for sensitive communication in RCS function... |
| CVE-2024-20900 | 2024-07-02 | Improper authentication in MTP application prior to SMR Jul-2024 Release... |